[FFmpeg-trac] #8222(avfilter:closed): A potential Use-After-Free bug
FFmpeg
trac at avcodec.org
Mon Oct 7 12:03:48 EEST 2019
#8222: A potential Use-After-Free bug
------------------------------------+------------------------------------
Reporter: wurongxin | Owner:
Type: defect | Status: closed
Priority: normal | Component: avfilter
Version: git-master | Resolution: invalid
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
------------------------------------+------------------------------------
Comment (by wurongxin):
Replying to [comment:1 richardpl]:
> last_expr is never freed.
> Also valgrind shows nothing.
It is possible that last_expr points to the same memory location as arg
(see Line 138). When the loop from Line 130--140 is executed only once,
last_expr will still point to arg. Since arg can be the same memory
location as args, when args is freed (Line 142), last_expr can be freed. Can
you double check this?
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8222#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
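
The aliasing question raised in the comment above, as an added C sketch that is not FFmpeg's code and not part of the ticket: `parse_exprs`, `struct last_expr_info`, the `|` separator and the sample inputs are all assumptions made for illustration. It shows that a token pointer equals the buffer base when the split loop runs only once, and that copying the token before the buffer is freed leaves no borrowed pointer behind.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names; sketch of the ownership question, not FFmpeg code. */
struct last_expr_info {
    char *owned;   /* heap copy that stays valid after args is freed */
    int in_args;   /* borrowed pointer pointed inside the args buffer */
    int at_base;   /* borrowed pointer was equal to args itself */
};

struct last_expr_info parse_exprs(const char *input)
{
    struct last_expr_info r = { NULL, 0, 0 };
    size_t len = strlen(input) + 1;
    char *args = malloc(len), *arg, *next, *last_expr = NULL;

    if (!args)
        return r;
    memcpy(args, input, len);

    /* Split on '|' in place: every token is a pointer into args. */
    for (arg = args; arg; arg = next) {
        char *sep = strchr(arg, '|');
        next = sep ? sep + 1 : NULL;
        if (sep)
            *sep = '\0';
        last_expr = arg;
    }

    r.at_base = (last_expr == args);
    r.in_args = (uintptr_t)last_expr >= (uintptr_t)args &&
                (uintptr_t)last_expr < (uintptr_t)args + len;

    /* Take ownership of the bytes before the buffer goes away. */
    r.owned = malloc(strlen(last_expr) + 1);
    if (r.owned)
        strcpy(r.owned, last_expr);

    free(args);        /* from here on last_expr would dangle ... */
    last_expr = NULL;  /* ... so drop the borrowed pointer */
    return r;
}

int main(void)
{
    struct last_expr_info r = parse_exprs("sin(t)");  /* constructed input */
    printf("%s in_args=%d at_base=%d\n", r.owned ? r.owned : "(null)", r.in_args, r.at_base);
    free(r.owned);
    return 0;
}
```

Whether such a pattern is an actual use-after-free depends on whether the borrowed pointer is dereferenced after the buffer is released; building the unmodified pattern with `-fsanitize=address` reports any such access at run time.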